AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable.

Ring -2 is one of the highest privilege levels on a computer, running above Ring -1 (used for hypervisors and CPU virtualization) and Ring 0, which is the privilege level used by an operating system’s Kernel.

The Ring -2 privilege level is associated with modern CPUs’ System Management Mode (SMM) feature. SMM handles power management, hardware control, security, and other low-level operations required for system stability.

Due to its high privilege level, SMM is isolated from the operating system to prevent it from being targeted easily by threat actors and malware.

SinkClose CPU flaw

Tracked as CVE-2023-31315 and rated of high severity (CVSS score: 7.5), the flaw was discovered by IOActive Enrique Nissim and Krzysztof Okupski, who named privilege elevation attack ‘Sinkclose.’

Full details about the attack will be presented by the researchers at tomorrow in a DefCon talk titled “AMD Sinkclose: Universal Ring-2 Privilege Escalation.”

The researchers report that Sinkclose has passed undetected for almost 20 years, impacting a broad range of AMD chip models.

The SinkClose flaw allows attackers with Kernel-level access (Ring 0) to modify System Management Mode (SMM) settings, even when SMM Lock is enabled. This flaw could be used to turn off security features and plant persistent, virtually undetectable malware on a device.

Ring -2 is isolated and invisible to the OS and hypervisor, so any malicious modifications made on this level cannot be caught or remediated by security tools running on the OS.

Okupski told Wired that the only way to detect and remove malware installed using SinkClose would be to physically connect to the CPUs using a tool called a SPI Flash programmer and scan the memory for malware.

According to AMD’s advisory, the following models are affected:

• EPYC 1st, 2nd, 3rd, and 4th generations
• EPYC Embedded 3000, 7002, 7003, and 9003, R1000, R2000, 5000, and 7000
• Ryzen Embedded V1000, V2000, and V3000
• Ryzen 3000, 5000, 4000, 7000, and 8000 series
• Ryzen 3000 Mobile, 5000 Mobile, 4000 Mobile, and 7000 Mobile series
• Ryzen Threadripper 3000 and 7000 series
• AMD Threadripper PRO (Castle Peak WS SP3, Chagall WS)
• AMD Athlon 3000 series Mobile (Dali, Pollock)
• AMD Instinct MI300A

AMD stated in its advisory that it has already released mitigations for its EPYC and AMD Ryzen desktop and mobile CPUs, with further fixes for embedded CPUs coming later.

Real implications and response

Kernel-level access is a prerequisite for carrying out the Sinkclose attack. AMD noted this in a statement to Wired, underlying the difficulty in exploiting CVE-2023-31315 in real-world scenarios.

However, IOActive responded by saying that kernel-level vulnerabilities, although not widespread, are surely not uncommon in sophisticated attacks, which is true based on previous attacks covered by BleepingComputer.

Advanced Persistent Threat (APT) actors, like the North Korean Lazarus group, have been using BYOVD (Bring Your Own Vulnerable Driver) techniques or even leveraging zero-day Windows flaws to escalate their privileges and gain kernel-level access.

Ransomware gangs also use BYOVD tactics, employing custom EDR killing tools they sell to other cybercriminals for extra profits.

The notorious social engineering specialists Scattered Spider have also been spotted leveraging BYOVD to turn off security products.

These attacks are possible via various tools, from Microsoft-signed drivers, anti-virus drivers, MSI graphics drivers, bugged OEM drivers, and even game anti-cheat tools that enjoy kernel-level access.

All that said, Sinkclose could pose a significant threat to organizations using AMD-based systems, especially from state-sponsored and sophisticated threat actors, and should not be disregarded.